
Re: Routing and setup questions for IPMasq and real IPs



Just put the real IP on the internal computer, add a static route on the
router machine, and set the ipchains rules to forward traffic.  Assuming
you have 1.2.3.4 and 4.3.2.1 as your real addresses, you can do something
vaguely like this:

internal machine:
	ifconfig eth0 4.3.2.1 netmask 255.255.255.255
	route add -host 1.2.3.4 eth0
	route add default gw 1.2.3.4
or
	ifconfig eth0:1 192.168.1.x
	route add default gw 192.168.1.1


router machine:
	ifconfig eth0 1.2.3.4 netmask 255.255.255.255
	ifconfig eth1 192.168.1.1
	route add -host 4.3.2.1 eth1
	# ipchains targets are ACCEPT/DENY/REJECT/MASQ; "any address" is 0.0.0.0/0
	ipchains -P forward DENY
	ipchains -A forward -b -s 4.3.2.1 -d 0.0.0.0/0 -j ACCEPT
	ipchains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ

The syntax may or may not be a little off, but you get the idea.  As long as
the packets for the second IP address are coming in on the router's interface
to the internet, then the router will send them along to the next appropriate
hop (which is the machine itself).  The ISP's routers should pick up on the
MAC address of your router machine as their neighbor to send packets for both
IPs, and the router will know to forward along the ones not destined for it.
The IP connections are a series of hops, with each router along the way only
knowing which hop to send to next - not how to get to the final destination.

This is how my home network is set up, BTW.  I have 2 real IPs and one fake
IP (my ISP masqs my connection).  The real IPs are routed to my fake IP, and
the machine listening there forwards those IPs to virtual interfaces inside
my house.  My router can't be directly reached from the internet.  The drawback
is that I need static routes for those machines, which is a pain to maintain.
I don't think there's a way around that when the router is on the same physical
network but not on the same logical network (and thus, can't use netmasks to
figure out the route).

Lemme know if that was unclear. :)
--Danny

On Mon, Mar 11, 2002 at 01:34:03PM -0600, Damacus wrote:
> Hey there,
> 
> It's been a long time since I've posted to this list.  The forward about WOW
> boxes and such made me remember a question I had.
> 
> I have a cable modem with 2 IPs.  I'd love to, instead of having the cable
> modem on the uplink port of my hub, have it connected to my 486 w/ 2 NICs.  If
> I only needed IPMasq, I'd be fine, since I've been doing that for ages.
> 
> My twist is that I also want another machine on the network to have a real IP
> from Insight as well.
> 
> So, the network would be like:
> 
> INET <-eth1-> Linux Router <-eth0-> NAT <--- 192.168.1 ---> {assorted comps} 
>                            <-eth0-> real IP comp
> 
> Am I overlooking an easy solution for getting the second machine with a real
> IP (the first machine with a real IP being the router itself) to route thru
> the other Linux box?
> 
> Also, there's no guarantee that the real IP of comp2 will be on the same
> netblock as the real IP of the router.
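
An added example, not part of the original thread: a small Python model of how the router's forward chain from the reply above decides each packet (first match wins, -b adds the reverse rule, the chain policy catches the rest). It contrasts a destination of 0.0.0.0/0 with a bare 0.0.0.0, which ipchains reads as a single host. The helper names and the 203.0.113.9 and 192.168.1.10 addresses are constructed for illustration.

```python
import ipaddress

def net(spec):
    # Like ipchains, an address written without a mask means one host (/32).
    return ipaddress.ip_network(spec, strict=False)

def rule(src, dst, target, bidir=False):
    """Return one rule, or two when -b (bidirectional) is given."""
    rules = [(net(src), net(dst), target)]
    if bidir:
        rules.append((net(dst), net(src), target))
    return rules

def build_chain(any_dst):
    # The two forward rules from the reply; any_dst is the -d value under test.
    return (rule("4.3.2.1", any_dst, "ACCEPT", bidir=True)
            + rule("192.168.1.0/24", any_dst, "MASQ"))

def verdict(chain, src, dst, policy="DENY"):
    """First matching rule decides; otherwise the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rsrc, rdst, target in chain:
        if s in rsrc and d in rdst:
            return target
    return policy

# Constructed sample packets: (source, destination, description)
PACKETS = [
    ("4.3.2.1", "203.0.113.9", "real-IP host going out"),
    ("203.0.113.9", "4.3.2.1", "internet host reaching the real-IP host"),
    ("192.168.1.10", "203.0.113.9", "private host going out"),
    ("203.0.113.9", "192.168.1.10", "internet host addressing a private IP"),
]

if __name__ == "__main__":
    for label, dst in (("-d 0.0.0.0/0", "0.0.0.0/0"), ("-d 0.0.0.0", "0.0.0.0")):
        chain = build_chain(dst)
        print(label)
        for src, dest, what in PACKETS:
            print(f"  {verdict(chain, src, dest):6} {src} -> {dest}  ({what})")
```

With the bare 0.0.0.0 every sample packet falls through to the DENY policy, so nothing is forwarded at all.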
